Me and 3 others are developing a production-tier Bitcoin Exchange. There's so many things that can go wrong, so we over-engineer it to accompany for almost all errors and vulnerabilities.
If you're interested in the design challenges involved in a project like this - get to know us. Ask your question here and someone from the team will answer.
Hey what do you think is going to be the hardest marketing challenge for you guys?
And what's your unique selling proposition going to be like?
We're launching in the Nordic/Scandinavian region. Here we have a system for easy identification, so the main selling point is gonna be:
[*] No ID verification required, get your Bitcoins in seconds!
And also, the trustworthyness that NemID (used here for online identification) btings.
As for marketing.
We're not a huge company, so the marketing aspect is tricky. Luckily I was born under a lucky star, and my mother is a marketing executive, who does probono work for us.
We also have an investor that pumps in money when necessary for licenses, ad space, etc.
Where is the funding coming from? VC cash? How did you sell it to them?
This is an interesting one.
In order to fulfill orders instantly, we need to take a VC loan to fulfill purchase orders. Let's say user A decides to buy 50.000 USD of Bitcoin. We need to make a transaction this large on whatever exchange is cheapest at the time, but obviously, if this order was put in, in the early stages of the company, we don't have 50.000 USD ready in the Kraken/Bitstamp/Bithumb account to get their funds.
But we do. We have a NN running alongside the core that monitors transaction volume and average sizes. We use this to determine what amount should be in "hot storage" (on the exchanges) at any given point.
We also function like Coinbase in the sense that we allow users to store their funds on our site (we generate wallets, and run a Blockchain service on one of our machines). So the moving of funds between "vault servers" (100% cold storage) to hot wallets (exchange wallets), is quite tricky and we have developed a new protocol for doing this, that is nearly impossible to crack.
Luckily, I was born into a family that had a VC in it (I'm his nephew), so that's where we get our startup-capital in exchange for 10% equity.
Also it helps that our direct compititors are mostly incompetent.
Why are you posting here?
Well I really hope you have thought about every vulnerability , not to mention that you are accounting for the fees to be sent and orders.
I just finished work for today. It helps me remember things about the project structure if I actually have to explain what I've done.
Obviously I won't share any source code or confidential information that could be used in a possible attack.
We have developed a specifial protocol based on various sources (e.g the XBOX internal leaks) for safely transmitting sensitive data (such as private keys) over a network.
The funds are all in true cold storage -- except for the small portion that's not (for withdrawals to wallets that don't belong to the exchange).
My question was why would you want to be associated with such a Jow Forumsite board?
Well I do algo trading but the market you are getting into is pretty crowded and you are gonna have institutions to fight as well soon. Not to mention the lowest price may not be the best fit.
For example lets say someone wants to buy $50,000 of btc , the lowest priced exchange might have it for cheaper , but may not have the volume at that level to get the order filled. If you instead market buy it on the cheaper exchange with low volume you run the risk of a large amount of slippage and you end with less btc.
I don't think this board is particularly bad. It's the only one I leech on sometimes.
As for brand damage; I don't think anything is done. I could be working for a number of exchanges.
In the end we're all just people. Even as CEO of this company, I still have things I enjoy. One of them is Jow Forums. I don't see association as anything bad.
Yeah. We have a function that takes an array of SELL orders (the sell wall), and analyze how long it would take to complete a fictional transaction of 50.000 USD. We test this on each exchange we support. Then finally we weigh estimated completion time vs. arbitrage price, and land on an exchange to execute the order on.
It is crowded, but we're launching in a space where there's only 2-3 active brokers, all making millions. And the barrier-to-entry is ridicuously high (namely, be a citizen and have a large budget, or be a skilled coder yourself). So we're not really that worried about competition, although we definitely will do some marketing. ;)
>we have developed a new protocol for doing this, that is nearly impossible to crack.
What makes you so sure?
what's your past programming experience? how old are you?
Studied network protcols for the better part of 5 years.
I wish I could post a diagram, and some of the explanations, but sorry, those are reserved for the eventual patent.
I'm 22. I've been programming since I was 11.
Nice and well thought through , but how are you going to get around the request rate limits? Just pool what the sum of what the users would want over a second?
I know coinbasepro limits you to around 5 private api calls a second.
is exchanging centralized? if so, how will you make your users trust you?
We're using a RateGate in the beginning. Essentially a system that allows you to predefine how many actions to perform in a given time interval. This allows is to dodge getting temporarily banned from the API(s).
In the long run, we'll probably have multiple corporate accounts for each exchange, further "scaling" this solution (or do private negotiations with the exchanges if our volume is big enough).
As mentioned, the design of the exchange is more like Coinbase than Binance (normie friendly, essentially). Our target audience is not really people who are big on decentralization.
so basically you provide a kind of meta-exchange that holds your coins in cold storage and matches offers that come through your site with offers on different exchanges?
Do you plan on offering leveraged trading?
>nearly impossible to crack
No it's more like a brokerage firm. We create corporate accounts with all the major exchanges. We have "intelligent" implementations to determine which one is cheapest to execute the order on. Then we withdraw the bought funds to the users wallet (either on our site, or a remote address).
So essentially: Coinbase -- except with arbitrage support for better deals.
You'd need the internal private keys that are in absolute zero cold storage, along with good reverse engineering skills. And then, once that's done. You'd be left with a huge number of encrypted private keys (because we don't even have access to them.)
Would be interesting -- but doesn't fit the target audience I'm afraid.
>.cs
yep, that's going in my cringe compilation....
Please come back once you know what you're talking about, fampai.
I was also going to question this choice as well but not in that way , I would have gone with golang instead due to great web capability , but I dont know enough about c# to make a well formed argument on it.
The web-lang we chose interfaces with our C# core through sockets, and after testing, we've found it to be the fastest and most reliable.
good luck with that (i'm not being sarcastic). i built a trading system for a wealthy guy a few years ago. he threw lots of money at it and we had a sharp wall street guy on our team. on paper, everything looked good and the dude should have made good money over time. but in reality, in the real trading world, it seems like everything's always just a tiny bit out of reach. after about 18 months, he threw in the towel because he wasn't making any money from it.
Actually I retract my .cs cringe. I just looked at Coinbase's job reqs for Coinbase Backend and it is Node, Java, and Kotlin. Which are infinitely worse. Like how in the mother of all fucks do they write financial code in a language with only floats...
jesus, are you another one of those stupid code-language fags?
java has doubles, you moron.
Our business model of comission based though. We're not trying to guess the price of a currency. This is not a trading bot.
We're gonna try to keep the entire backend in C#. Introducing a clusterfuck of different languages is asking for trouble.
Irony bro. At least I am not one of the fucking weebs of Jow Forums who shills C++ as the pinnacle of all languages because they don't understand productivity and want to program muh vidya gaymes.
Good luck, user.
It's nice to see that there's more to this board than just mindless OS-wars and shilling.
>crypto brokerage
Can you explain the general business plan? I'm assuming that you pocket a % of every trade made in your exchange, however doesn't that make you incredibly volume dependent? How soon are you planning to make money off of this project?
The real money sink in a project like this is developing the actual software to power the whole thing. Dedicated server up-keep isn't actually that much of a hurdle to overcome.
You're right -- since we take a 3.5% comission on every transaction (due to the risk we're putting ourselves in, with creditcard chargebacks). A calculation we ran a few weeks back would put is at profitability within the first 2 weeks of launch.
Well I wish you luck but I cant see myself using it as for the aforementioned bots I already have running. Is there I way I can remain updated on the progress you guys make or should I just remain vigilant when looking through the news?
Thanks. I'll find a way to keep you updated. :) Hold the phone.
can you please explain bitcoin to me, and elaborate how i should go about getting a 'wallet' i am not a fudd, just wanna learn slow and detailed... i nu bout bc, before the meme like 2009 or 2008..
this is bait, yes?
>protocol [...] that is nearly impossible to crack
From your answers farther down in the thread, you say you developed the protocol on your own after 5 years of network studies? That's a huge red flag - I work in hardware security & would never dream of using my own protocol over an existing one.
This is poorly thought out.
We're using traditional TCP for all regular communications. However, I can't go into it further, but there's a specific action that happens once in a while that carries highly sensitive data that -requires- a modified UDP protocol for me to sleep at night. Put in an application if you want the full explanation, I don't think the shareholders would be too happy with me sharing this here.
>-requires- a modified UDP protocol
Red Flag AF, This is just screaming to be discovered.
>"Hey john, whats up with this strange packet that STANDS OUT amongst all the other traffic?"
I am highly familiar with the entire network stack, and I know what you think is an issue. I can assure you if you had context, it's not a "red flag" at all.
Either way, I'm gonna post a link once it's all done. We have quite nice vulnerability bounties (75000 USD for locating one of our cold storage servers).
sure, if I get bored I might poke around a bit.
no i will even pay you for your time...
Why are you using Windows?
Do you want to get hacked in the first 24 hours.
How are you getting over the federal KYC/AML requirements?
Are you incorporated in some tax haven? Do you host in the US at all?
Short answer: yes. Most of our employees are European, but the headquarters are in Zug, Switzerland.
Though Switzerland is far from a "tax haven", but the liberal spirit (liberal in the true sense of the word, not the antifa reee) of the country is really aligned perfectly with our corporate ideals.
We host in Lichtenstein -- forgot to mention that.
drop the C#/.NET Core user, kestrel is shit and so is MVC, and so is MW. either man up and go with Hyper/Actix, if you are good then C is the only sane answer, otherwise youll be forced to
1. Rewrite everything to use Span because GC will destroy your trading engine due to DDoS attacks
2. Shut down after 1 fails
t. someone who DDoSes crypto exchanges for fun, profit and ransom lulz (and just so we're clear, i took down Coinbase,Bitmain,Binance,Bittrex and Bitfinex)
I want to know why you're bothering with a dead horse.
>A calculation we ran a few weeks back would put is at profitability within the first 2 weeks of launch.
X
cool story bro
>highly sensitive data that -requires- a modified UDP protocol
That sounds terrible. UDP has no connection control so if the packet is lost the receiver won't even know it was sent.
>t. someone who DDoSes crypto exchanges...
oh go...hold on...my sides......my sides!!!
if the packet gets lost it wasn't important in the first place.
I recommend investing 20-30 thousand dollars in a real security company to do a code review/assessment. Otherwise you're increasing the risk you'll get wrecked.
So it's fine if packets with "highly sensitive" data go missing without a trace?
Sounds legit.
it was sarcasm
I can't tell if you're being legit. But if there's something we've overlooked with a memory attack (obviously we'll limit core IO from the interface to mitigate L7 ddosing).
If you are being legit -- please do elaborate.
Or gimme your contact details.
We have systems in place to detect a packet misfire. The reciever expects the packet, and if not recieved, or corrupted, it'll ask for a new one.
We have at least 2 guys that are well-versed in code audits, and also a responible disclosure program that goes up to 75000 USD.
How do I go from hobby coder to leet network security haxor?
>We have at least 2 guys that are well-versed in code audits, and also a responible disclosure program that goes up to 75000 USD.
Oh, nice.
>The reciever expects the packet, and if not recieved, or corrupted, it'll ask for a new one.
Then why bother with UDP?
You know what that is what TCP handles, right?
nah, not yet, you'll have my contact info when i ask for ransom, sorry user, this is how it goes in the crypto world.
you use your own protocol and you're going to be holding a lot of other peoples money, and you're launching in the scandi region?
Thanks for the free money faggot
It's not. I can't go into detail, but it sets up a flag in a shared location that tells it it hasn't recieved the expected packet. It has to do this, because the communication can only go one way for the security to be intact.
Looking forward to lmaoing at your attempts.
>NemID
As someone who lives in Denmark I'm interest in how it's going to work. Will the money go into a nemkonto automatically? What about SKAT? Also, can you cash out from existing bitcoin wallets?
lmooaaaa how easy it would be to find a vuln by sending packets and seeing what sticks
Jesus christ do you reckon OP is for real?
So all I have to do is MITM you, intercept the UDP packet and then wait for the receiver to send a request for the new packet?
Sounds great.
pretty stupid to come here and flex with your hackforum elitism user, i can pop any site on l7 and any firewall on l3, consider that i get around 100k daily installs on mobile phones for my ddoser i dont see why you still think i wont take down your shitty startup exchange, there's literally no target I cant take down, including the CNDs like CF/Akamai.
sure bud
This is even more deluded than thinking you can start up a secure crypto exchange by rolling your own security.
You have no fucking clue about system architecture do you?
You'll have to find a RCE in the front panel. RE all our corelibs. You're gonna have a hard time finding our vault servers. And then finally, once you get to the server that recieves the sensitive data, you're shit out of luck, because
a) you're gonna have no idea how it works, and honestly you don't seem very knowledgeable in this field
b) let's say by some miracle you intercept the pkey packet. You're now left with assymetrically encrypted garbage. GG.
In practice, there's now way you could even get this far because of some other measures we have in place, but keep on being a skid.
Hey nordbro.
The money can be withdrawn to any creditcard you choose (we have a special deal with our payment service provider). Think of it like MobilePay, where you don't need to supply banking information, just your creditcard.
This thread is fucking amusing, and Jow Forums is showing its true colors. Glad I started it.
You're right, I don't know anything about your system architecture yet.
But, you're still doing stupid insecure shit.
If you're encrypting those packets there's two things you could be doing; either using a public/private key pair or you're using seed based encryption.
Having a communication method that allows the interception, withholding and injection of packets at will when you're using these encryption methods for something mission critical is just plain stupid. It can lead to working out the seeds. At least if you use a session based method each session would be encrypted with a different key.
I think you're misunderstanding. The mission-critical "Ghost fork" protocol (as we like to refer to it as, as it has security features not present in typical UDP) runs on a semi-cold machine, that only has a limited interface exposure to the Internet. This is not userland where people can fuck around and probe protocol.
If someone did manage to get in, they'd have to reverse this (what is deemed by the security consultants we have onboard) highly secure addon to the UDP protocol.
I think the most in-depth I can go is: The machine that recieves the sensitive data has no idea where it came from (we're sending it directly over a hardware network card, thereby bypassing the Windows network stack. Hence, why it is called the "Ghost" protocol.
Do you have a contact email? Would like to interview you guys and write an article about your venture. Especially cause you're so young people will want to read about it.
Sure thing.
privatexchange at protonmail.ch
That's privateXchange
Not private exchange.
Awesome, thanks.
Okay, I'm getting a better picture of your infrastructure now.
It's still stupid, but at least you're hiding your stupidity deep within the physical infrastructure.
I'd really appreciate it if you could elaborate on what's 'stupid' about this implementation? We're not modifying the protocol structure, merely changing it to anonymize it a bit more.
in which Scandinavian country are you located/which city?
would hire someone that's basically straight out of uni?
Denmark.
What did you study at uni, and at what university?
bachelor in information science at the university of Bergen.
I got hired as soon as I graduated, but that's only like 3 months ago
Why even reduce the security to anonymize it more?
Why not instead maximize the security of it and beef up the credentials. What are you actually gaining from the anonymity?
Obscurity and anonymity are not replacements for security. If you fail to realize that you guys are already doomed. The fact that you’re unwilling to post your protocol already shows how uncertain you are about it.
Also C#? Why such a poor choice for processing transactions where literally microseconds can cost millions, you guys are idiots.
When I read stuff like this I get incredibly jealous. Why did I have to be born to a poor and stupid family?
>denmark connection
>zug in switzerland
pretty sure i met you or someone you know at some point in the past
gonna throw out some initials: NN, KL, NvB
any of these ring a bell?
This guy doesn't even realize what the project is about.
We're not an exchange, dude. We're a broker. The *actual* exchanges (Bitstamp, Kraken, etc.) is the bottleneck, not our pipeline that has less than a ms of latency.
Your last comment about C# is embarresing. Go ahead and look at what other brokers are employing at the moment (hint Python developers for one).
Just before I type out my reply: I'm not blaming you at all here. It's hard to come with criticism when you're not fully in-the-know, of how stuff works.
Anonymization is a security feature in the way we have implemented it. It essentially makes it so the storage vaults (where all the shekels lie), are disconnected vaults.
The entire machine is on encrypted hardware, we can literally get hacked, generate new private keys, and not even have to move funds around (obviously we would anyways though, and patch the hole). But as it stands now, none of the beta testers we've let onto the platform have managed to find anything (as you cannot actually craft your own packets, only supply input, that we heavily sanitize). The only viable attack vector is revealing the network infrastructure, which is difficult when 90% of it is disconnected.
But even if the chance of a full network map being discovered is miniscule, we're still putting most of our focus on probing that before launch to ensure we're absolute bulletproof.
Much love.
A fellow nordbro.
We actually have a candidate from Drammen currently. Shoot us an e-mail privatexchange at protonmail.ch, a github repo would help a lot so I can see what you're capable of.
I recognize these, and I can't say if I'm associated with them. ;)))
Recognize LSC?
Even though I'm not in your situation, I feel for you. Getting VC is not easy unless you have an impressive portfolio or was born into a wealthy family.
I'm sorry user. Hope stuff works out for you. Luckily, you can build amazing works of engineering by yourself in programming, without any capital requirement and slowly work your way towards financial stability.
absolutely recognize that
good luck with your exchange, i'm sure you have more than capable advice on your hands
Thanks for the kind words user. You a fellow danebro aswell?
>we’re developing a “a production-tier Bitcoin Exchange”
>we’re not an exchange, we’re a broker
Sorry for my confusion, you had me confused. Explain to me how you can PROVE you protocol is secure, and not just say “we’ll they’d have to do X,Y,Z”
>we use C# because other people use shitty choices
If your selling point is security you had the option to choose much better languages than C#, if speed isn’t a concern it should have been and you should have chosen a much faster language.
>It essentially makes it so the storage vaults (where all the shekels lie), are disconnected vaults.
Except it doesn't, because they're all aware of each other. They're sending packets to known addresses and expecting packets from known addresses.
They're not, in any way, "essentially disconnected".
What is your IQ? How do you have all that stuff figured out not only about the technical details but about the business side as well at 22?
How actually technically competent are you? Can you, say, write x86 assembly? C? C++?
Do you have a degree?
How many hours per day did you spend messing with computers and stuff to learn all that so young?
When did you decide for sure you were going to be a developer?
german
>nemid
>To obtain NemID you cango toa citizen service centre, you can request NemID in your bank, or you can request NemID online
>tying crypto that is supposed to be anonymous to irl identity
\pol\ was right. Jews will try to destroy crypto.
also C#...